An Ominous Weaponization of Mobile Exploits
Another day, another mobile exploit. Last week we realized the dangers of public WiFi abuse are magnified by inexpensive hacker kits for snooping on our supposedly HTTPS-protected logins. This week, we learn of inexpensive IMSI catchers bringing cell phone… Continue reading
How to Protect Against the Dangers of Public WiFi Abuse
Art Gross blogs on Breach Secure Now: “An article over at medium [by Maurits Martijn] gives excellent insight into the real dangers of open public WiFi. After reading this article you will never use a public WiFi… Continue reading
Identity Management: The Times They Are A-Changing
In a very interesting article on New Tools for Modern Identity, Mark Diodati addresses new challenges with user authentication. He argues that adaptive authentication, and mobile biometric authentication are here to stay. I agree and encourage folks to… Continue reading
Beyond SWGs (Part 2): Cloud Security Platforms
While battling cyberattackers, security vendors are also struggling to stay on top of disruptive mobile and cloud trends. As I wrote in part 1 of this article, secure web gateways (SWGs) have proven less than 100% effective against sophisticated… Continue reading
The Mobile Security Gap
No one has fully figured out how to throw a security blanket over the enterprise mobile environment, that chaotic patchwork of geographies, carriers, operating systems, applications, device types and ownership models.
Any enterprise tackling web security for mobile devices must… Continue reading
Can the Internet of Things be Secure?
We’re coming up on a May 27 OASIS virtual session 11 AM EDT session:
Can the Internet of Things be secure? The impact on privacy and data control with Jamie Clark, Mark O’Neill, Dan Blum and Jonathan Rodriguez. For full… Continue reading
Back to the Future (of Identity)
Lately the proposals for “identity oneness” are back in force. And for me, deja vu. I’ve been through the year of PKI and so many grand efforts that I long ago came down on Kim Cameron’s side that what we… Continue reading
Out of the Box Thinking on Password Policies
For all that authentication vendors may proclaim “the death of passwords,” the pesky things aren’t going away. In fact, I don’t think they should. However, I’ll be the first to acknowledge how broken password authentication is in current practice. Sardonically… Continue reading
Direct Memory Access (Again)
My wife’s always “watching the detectives” (per the title of that old Elvis Costello song) and sometimes I join her. But nowadays she’s not “filing her nails as they’re dragging the lake,” instead she’s painting her toenails as the NCIS… Continue reading
Trust No One Device (Part 2)
My advice from the first Trust No One (Device) hasn’t sunk in. Levels of end user compromise are far too high, complacency reigns about mobile phone security and the risks of social networks and cloud-based storage are becoming more… Continue reading